Ledger will reimburse users who lost cryptocurrencies to hacking

Following the recent security incident that resulted in the theft of approximately $600,000 worth of cryptocurrencies, hardware wallet maker Ledger has announced measures to strengthen device security and compensate affected victims.

The attack, which took place on December 14, 2023, involved “blind signing” on DApps (decentralized applications) based on Ethereum Virtual Machine (EVM).

In response, Ledger promised to compensate all victims of the hack, including those who are not Ledger customers, as stated by the company’s CEO Pascal Gauthier.

According to rack Posted on Twitter and the company’s official blog, Ledger committed to resolving the situation by the end of February 2024. The company said it is in contact with many scammed users and is actively working on refund details.

Ledger disables blind subscription to Dapps

Ledger also announced a major change in the functionality of its devices: from June 2024, it will no longer be possible to “sign blind” with Ledger wallets.

The company said it will commit to enabling ‘Clear Signing’, where users can verify all transactions on Ledger devices before signing them.

The measure aims to establish a new standard to protect users and encourage ‘Clear Signing’ in DApps.

Ledger emphasized that front-end attacks have happened many times before and will continue to challenge the ecosystem. The most effective measure against these types of attacks is to always check the contents of the permission on the device.

“Clear Signing”, which allows users to see and verify exactly what they are signing on a secure screen, is essential to avoid risks.

The company has asked DApp developers to support the implementation of “Clear Signing,” inviting them to reach out via the Ledger developer portal or Discord to collaborate on adding the functionality to their DApps.

A detailed report on the cause of the hack and the Ledger security team’s response can be found on the company’s security and tech blog.

Finally, Ledger stated that Ledger devices and Ledger Live have “always been safe” to use and were not vulnerable to the exploit. For those who believe they have been affected by the attack, the company recommends contacting the Ledger Help Center.

Source: Live Coins